
Thread: Enigma2 enable ssh key access only

  1. #1

    Alankellyeire
    Hey,

    I managed to convert the key using the following command, just in case anyone else was wondering:

    Code:
    dropbearconvert openssh dropbear /home/me/.ssh/id_rsa /etc/dropbear/dropbear_rsa_host_key

    I'm still being asked for a password. Any ideas?

    Do I need to change a setting, and is there a way to turn off password access like OpenSSH?

  2. The Following User Says Thank You to Alankellyeire For This Useful Post:

    Bangord30 (17-04-17)

  3. #2
    birdman
    Quote Originally Posted by Alankellyeire View Post
    I'm still being asked for a password. Any ideas?
    Are you telling ssh that you want to login as root (ssh root@vixbox)? If not it will prompt you for a password as that key only applies to root.

    .... and is there a way to turn off password access like openssh
    These relevant options exist for the dropbear server (there are others - type "dropbear -?" to get them all).
    -w Disallow root logins
    -s Disable password logins
    -g Disable password logins for root
    -B Allow blank password logins

    You can set these by editing the /etc/default/dropbear file and setting the DROPBEAR_EXTRA_ARGS value. The default sets -B.
    If you change that file add it to your backup list as well.
    MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD

  4. The Following 2 Users Say Thank You to birdman For This Useful Post:

    Alankellyeire (18-04-17),Bangord30 (18-04-17)
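
Added example, not part of the post above and not OpenViX's own code: a shell check that reads a defaults file in the `/etc/default/dropbear` format and reports what its `DROPBEAR_EXTRA_ARGS` value permits, using only the four flags listed in the post. The function names and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: report what DROPBEAR_EXTRA_ARGS in a defaults file permits.
# Flag meanings are the four listed in the post: -w, -s, -g, -B.

# Print the DROPBEAR_EXTRA_ARGS value from file $1 with quotes stripped.
# The file is read as text, never sourced, so nothing in it is executed.
dropbear_extra_args() {
    sed -n 's/^[[:space:]]*DROPBEAR_EXTRA_ARGS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if flag $2 appears as its own word in the args of file $1.
# Assumption: flags are written separately ("-s -w"), not clustered ("-sw").
has_flag() {
    for tok in $(dropbear_extra_args "$1"); do
        [ "$tok" = "$2" ] && return 0
    done
    return 1
}

# Print a one-line verdict for defaults file $1.
audit_dropbear_defaults() {
    if has_flag "$1" -s; then pw="password logins disabled"
    elif has_flag "$1" -g; then pw="password logins disabled for root only"
    else pw="password logins ENABLED"; fi
    if has_flag "$1" -B; then blank="blank passwords ALLOWED"
    else blank="blank passwords not allowed"; fi
    if has_flag "$1" -w; then root="root logins disallowed"
    else root="root logins allowed"; fi
    echo "$pw; $blank; $root"
}

# Constructed sample files: the default described above and a changed value.
demo() {
    d=$(mktemp -d)
    printf 'DROPBEAR_EXTRA_ARGS="-B"\n' > "$d/default"
    printf 'DROPBEAR_EXTRA_ARGS="-s"\n' > "$d/keys_only"
    audit_dropbear_defaults "$d/default"
    audit_dropbear_defaults "$d/keys_only"
    rm -rf "$d"
}
demo
```

Run it against a copy of the box's own file with `audit_dropbear_defaults /etc/default/dropbear` before and after editing the value.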

  5. #3

    Alankellyeire
    I'm converting my RSA public key (id.rsa.pub) after transferring it to the ViX box using scp. I then run dropbearconvert but get an error:
    Code:
    Error: File does not begin with OpenSSH key header
    Error reading key from '/home/root/.ssh/id_dsa.pub'
    I have tried with the private key also, on a Mac (El Capitan) and Ubuntu 14.04, with the same results for both.

    Am I missing a step? Any guides online I can find are for Windows using PuTTYgen.

    Here is some of the output from the debug:
    Code:
    debug1: Host '192.168.0.103' is known and matches the RSA host key.
    debug1: Found key in /Users/AlanKelly/.ssh/known_hosts:9
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /Users/AlanKelly/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /Users/AlanKelly/.ssh/id_dsa
    debug1: Trying private key: /Users/AlanKelly/.ssh/id_ecdsa
    debug1: Trying private key: /Users/AlanKelly/.ssh/id_ed25519
    debug1: Next authentication method: password
    root@192.168.0.103's password: 
    debug1: Authentication succeeded (password).
    Authenticated to 192.168.0.103 ([192.168.0.103]:22).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Sending environment.
    debug1: Sending env LANG = en_IE.UTF-8

  6. #4
    birdman
    Quote Originally Posted by Alankellyeire View Post
    I'm converting my RSA public key (id.rsa.pub) after transferring it to the ViX box using scp. I then run dropbearconvert but get an error
    Code:
    Error: File does not begin with OpenSSH key header
    Error reading key from '/home/root/.ssh/id_dsa.pub'
    It needs to be the private key. This is what happens with my pub/priv keys.

    Code:
    root@et8000:~# dropbearconvert openssh dropbear id_rsa.pub db.rsa
    Error: File does not begin with OpenSSH key header
    Error reading key from 'id_rsa.pub'
    root@et8000:~# dropbearconvert openssh dropbear id_rsa db.rsa
    Key is a ssh-rsa key
    Wrote key to 'db.rsa'
    However - while checking this it occurred to me that this is the host key, the one that a client can check to ensure it's reached the right host (or at least the same host as last time). It's specific to the host, so no point in generating it from your own key (although it does help to back it up so that it remains the same over any re-flash).

    So in fact I can't see anywhere that the box saves keys for checking. Indeed - I can slogin to root from an account that knows nothing about any ssh keys at all.

    A debug log when I login contains this:
    Code:
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentication succeeded (none).
    Authenticated to et8000 ([192.168.1.154]:22).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: Sending environment.
    Sorry about the misleading info.

  7. The Following User Says Thank You to birdman For This Useful Post:

    Alankellyeire (20-04-17)
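
Added example, not part of the posts above: the two debug logs in this thread end differently, one with `Authentication succeeded (password)` after a key was offered and one with `Authentication succeeded (none)`. The script below classifies an `ssh -v` client log along those lines; the function names are hypothetical and the log lines are constructed to mirror the ones posted.

```shell
#!/bin/sh
# Added example: classify an OpenSSH client debug log (ssh -v ... 2>log.txt).

# Method named in the "Authentication succeeded (...)" line, empty if absent.
succeeded_method() {
    sed -n 's/^[[:space:]]*debug1: Authentication succeeded (\([^)]*\)).*/\1/p' "$1" | head -n 1
}

# Number of public keys the client offered to the server.
keys_offered() {
    grep -c 'debug1: Offering .*public key' "$1" || true
}

# Print a one-line verdict for log file $1.
classify_login() {
    case "$(succeeded_method "$1")" in
        publickey) echo "publickey accepted" ;;
        none)      echo "no credentials required" ;;
        password)
            if [ "$(keys_offered "$1")" -gt 0 ]; then
                echo "key offered but rejected, fell back to password"
            else
                echo "no key offered, password used"
            fi ;;
        "")        echo "no successful authentication in log" ;;
        *)         echo "other method" ;;
    esac
}

# Constructed log excerpts shaped like the two logs posted in the thread.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
      'debug1: Authentications that can continue: publickey,password' \
      'debug1: Offering RSA public key: /home/user/.ssh/id_rsa' \
      'debug1: Authentications that can continue: publickey,password' \
      'debug1: Next authentication method: password' \
      'debug1: Authentication succeeded (password).' > "$d/rejected.log"
    printf '%s\n' \
      'debug1: SSH2_MSG_SERVICE_ACCEPT received' \
      'debug1: Authentication succeeded (none).' > "$d/none.log"
    classify_login "$d/rejected.log"
    classify_login "$d/none.log"
    rm -rf "$d"
}
demo
```

Only a log that ends in `publickey accepted` shows that this client would still get in once password logins are switched off with `-s`.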

  8. #5

    Alankellyeire
    Yes, I have tried it with the private key and it writes it to the file, but any guide I am coming across says it should be the public key. OK, so just to be clear, you're saying it's not possible at all because dropbear doesn't generate a key? Maybe this is why I'm finding it so hard to find any guides on the matter.

  9. #6
    birdman
    Quote Originally Posted by Alankellyeire View Post
    OK, so just to be clear, you're saying it's not possible at all because dropbear doesn't generate a key? Maybe this is why I'm finding it so hard to find any guides on the matter.
    There are multiple keys involved in an ssh connexion.

    • The host key, which lets you know you are connecting to the same host as last time. This gets saved (well, a signature does) in your local known_hosts file (at least on Unix/Linux). This is what the /etc/dropbear/dropbear_rsa_host_key key is.
    • Authentication keys. This is where you'd have the private key on the client side to be checked against the public key on the server side. These would be under ~/.ssh. These don't seem to be used at all.

  10. The Following User Says Thank You to birdman For This Useful Post:

    Alankellyeire (20-04-17)

  11. #7

    Alankellyeire
    Thanks. I'll look into installing openssh or something like it so.

    I appreciate the help.
